Configuring VPN Settings

To configure the required Remote Access VPN settings:

  1. In SmartConsole > Security Policies tab, right click the Security Gateway and select Edit.

    The Check Point Gateway window opens.

  2. Enable VPN functionality: In the General Properties page, in the Network Security tab, select the IPSec VPN blade.

    Note - This enables all IPsec VPN functionality.

  3. Add the Security Gateway to the Remote Access VPN community:

    1. From the Security Gateway Properties tree, click IPsec VPN.

    2. Under This Security Gateway Participates in the following VPN Communities, click Add.

    3. In the window that opens, select Remote Access.

    4. Click OK.

  4. Set the VPN domain for the Remote Access community:

    1. From the Security Gateway Properties tree, select Network Management > VPN Domain.

    2. Click Set domain for Remote Access Community.

    3. In the window that opens, select the Remote Access VPN Community and click Set.

    4. In the window that opens, select a VPN Domain and click OK, or click New and define a VPN domain.

    5. Click OK.

  5. Configure Visitor Mode:

    1. From the Security Gateway Properties tree, select VPN Clients > Remote Access.

    2. Select Support Visitor Mode and leave All Interfaces selected.

    3. Optional: Choose the Visitor Mode Service, which defines the protocol and port of Endpoint Security VPN connections to the Security Gateway.

  6. Configure Office Mode:

    1. From the Security Gateway Properties tree, select Office Mode.

    2. Select an option: Offer Office Mode to group or Allow Office Mode to all users.

    3. Select an Office Mode Method.

    4. Click OK.

    Note - Office mode is not supported in SecuRemote. If you use SecuRemote, you can select Do not offer Office Mode. If another option is selected, it is ignored.

To add Remote Access Clients users to the VPN Community:

  1. In SmartConsole, Security Policies tab, under Access Tools, click VPN Communities.

  2. In the list of VPN Communities, double click the RemoteAccess community.

  3. From the tree, select Participant User Groups.

  4. Make sure all Remote Access clients users are included.

    • You can leave All Users.

    • You can click the plus sign to add existing user groups to the community.

  5. Select Participating Gateways.

  6. Make sure that the Security Gateway you configured for remote access is listed.

  7. Click OK.

To configure encryption for the VPN:

  1. From the SmartConsole menu, select Global Properties.

  2. Select Remote Access > VPN - Authentication and Encryption.

  3. In Encryption Algorithms, click Edit.

    • In Support encryption algorithms - Make sure that at least one AES encryption algorithm is selected.

    • In Use encryption algorithm - Make sure that at least one AES encryption algorithm is selected.

  4. Click OK.

  5. Click OK.

    Important - The client does not support DES algorithms. An AES algorithm must be selected.

    You can enable support for DES algorithms, if you also enable support for at least one AES algorithm.